CVE-2007-0768
Published 2007-02-06
Priority P4 · 18 · medium · 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.77% (75.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yahoo | messenger | <= 8.1.0.209 | — |
No detection rules found.
Bugzilla
CVE-2007-2691 mysql DROP privilege not enforced when renaming tables
bugzilla · 2007-05-29 · CVSS 4.9 · MEDIUM
Description of problem:
Contrary to what the documentation says, ALTER privilege on the old table
and CREATE and INSERT privileges on the new table are sufficient for the
user to be able to rename a table.
Version-Release number of selected component (if applicable):
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18.
Discussion:
Upstream bug report: http://bugs.mysql.com/bug.php?id=27515
---
Reporter changed to [email protected] by request of Jay Turner.
---
This issue has been addressed in the following products:
Red Hat Linux Enterprise 4
Red Hat Linux Enterprise 5
Red Hat Application Stack v1 for Enterprise Linux AS/ES (v.4)
Via https://rhn.redhat.com/errata/RHSA-2008-0768.html
Bugzilla
CVE-2006-4031 MySQL improper permission revocation
bugzilla · 2006-08-11 · CVSS 2.1 · LOW
If a user has been granted permissions to create a MERGE table, even
after permissions have been revoked from the parent table, the user
can access the data via the MERGE table.
More information including a patch can be found here:
http://bugs.mysql.com/bug.php?id=15195
Discussion:
moving to security response parent bug
---
This issue was addressed in:
Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-0083.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html
http://rhn.redhat.com/errata/RHSA-2008-0768.html
References
http://osvdb.org/31674
http://secunia.com/advisories/23928
http://www.securityfocus.com/archive/1/458225/100/0/threaded
http://www.securityfocus.com/archive/1/458305/100/0/threaded
http://www.securityfocus.com/archive/1/458494/100/0/threaded
http://www.securityfocus.com/bid/22269
Published: 2007-02-06